Closed
Bug 1474067
Opened 7 years ago
Closed 7 years ago
[wpt-sync] Sync PR 11838 - Un-deprecated 'child-src'
Categories
(Core :: DOM: Security, enhancement, P4)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 11838 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/11838
Details from upstream follow.
Andy Paicu <andypaicu@chromium.org> wrote:
> Un-deprecated 'child-src'
>
> 'child-src' is now part of the fallback chain for 'worker-src'.
> This means that if 'child-src' always takes precedence over 'script-src'
> when checking worker requests.
> Added extra tests to ensure that a worker request blocked by
> 'child-src' and allowed by 'script-src' is blocked.
>
> Removed previous logic that considered 'script-src' to be the
> fallback for 'worker-src' and amended tests. Removed "temporary"
> logic put in place to not brake "child-src" using sites.
>
> Refactored the OperativeDirective logic to ensure that the caller
> does not need to be aware of precise fallback chain of the directive,
> otherwise the way to get the 'worker-src' operative directive would be:
>
> OperativeDirective(worker_src_.Get(),
> OperativeDirective(child_src_.Get(),
> OperativeDirective(script_src_.Get())));
>
> To be submitted with the spec PR as it includes tests.
> Spec: https://github.com/w3c/webappsec-csp/pull/313
>
> Bug: 669496
> Change-Id: I7ca9552df1d0ce203a604b0e469a268f6b112e49
>
> Reviewed-on: https://chromium-review.googlesource.com/1128087
> WPT-Export-Revision: e0cb359cb9cf659e6ea04915c0afcb5a11b9c866
Assignee | ||
Updated•7 years ago
|
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Assignee | ||
Comment 1•7 years ago
|
||
Assignee | ||
Comment 2•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=b8420dd7e6624a2fa5fffd8202f0d35462cb5450
Updated•7 years ago
|
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Assignee | ||
Updated•7 years ago
|
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Assignee | ||
Comment 3•7 years ago
|
||
Updated•7 years ago
|
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Assignee | ||
Comment 4•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=15c0e05a014739fb61063f192fe530d764521d2a
Assignee | ||
Updated•7 years ago
|
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Assignee | ||
Comment 5•7 years ago
|
||
Assignee | ||
Comment 6•7 years ago
|
||
Assignee | ||
Comment 7•7 years ago
|
||
Ran 15 tests and 15 subtests
OK : 15
PASS : 12
FAIL : 3
New tests that have failures or other problems:
/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html
Same-origin dedicated worker allowed by worker-src 'self'.: FAIL
/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html
Same-origin service worker allowed by child-src 'self'.: FAIL
/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html
Same-origin shared worker allowed by child-src 'self'.: FAIL
Updated•7 years ago
|
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Assignee | ||
Comment 8•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=15f34bdde1ce03143ff3289c1d11e9c966f870cd
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/80e0f5033581
[wpt PR 11838] - Un-deprecated 'child-src', a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/6b1a0510aa8f
[wpt PR 11838] - Update wpt metadata, a=testonly
Comment 10•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/80e0f5033581
https://hg.mozilla.org/mozilla-central/rev/6b1a0510aa8f
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in
before you can comment on or make changes to this bug.
Description
•